Data security Flashcards

You may prefer our related Brainscape-certified flashcards:
1
Q

What are the four main threats to data security?

A

Hardware failure/fault
Software failure
Human error
Deliberate/Malicious damage or access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is data integrity?

A

The correctness of the data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is data privacy?

A

not allowing unauthorised people to access the data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is data security?

A

a term used for methods that try to ensure that integrity and/or privacy of data is maintained

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Name 3 examples of hardware failure/fault

A

hard-disk failure, data corruption during data transfer and power failure while saving file

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Name 2 examples of software failure

A

programming error which causes program to crash without data being saved, software not installed correctly

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Name 3 examples of Deliberate/Malicious damage or access

A

a disgruntled ex-employee deletes important files, a virus infects PC and deletes information (or transmits to an unauthorised person), a hacker guesses a login and password and gains access to information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Name 3 ways you can protect data against hardware failure

A

UPS - uninterruptable power supplies - if power fails work of battery

Secondary backup power supply

Have backups (maybe off-site) of data

Use RAID system - data is written to more than one hard disk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Name 2 ways you can protect data against software failure

A

Difficult/impossible to entirely sop data loss through software failure

Buy tried and tested software that has been used for a while to ensure problems have been ironed out.

Backup/recovery systems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Name 3 ways you can protect data against Human Error

A

Warnings if data is being deleted

Access rights on files so that only data that user can access can be corrupted

Backups

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Name 3 ways you can protect data against Malicious Intent

A

Login/Password/Biometrics

data transmitted across networks should be encrypted

firewalls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Why is disaster planning important?

A

Many organisations rely on computer systems and could not continue/survive if system data lost or failed for anything but a short time (e.g. online retailers)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the elements of disaster planning?

A

Regular backups (off-site) is the most important thing

Files archived off-site

Alternative systems

Backup power supplies, etc.

Staff need to be trained in how to recover successfully

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is a disaster plan?

A

A disaster plan is a vital document in any organisation to give guidance as to what the organisation will do in the event of different disasters occurring.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is a contingency plan?

A

a method of recovery for a risk that has been identified

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is accidental damage?

A

When data is unintentionally amended or deleted;

People likely to cause accidental damage to data by deleting or amending data by accident.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is malicious damage?

A

When data is intentionally amended or deleted;

Hackers likely to cause malicious damage to data

Disgruntled store employees deleting or amending data on purpose.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is encryption used for?

A

Used to hide sensitive information from illegitimate recipients by using encryption algorithms and an encryption key to convert plain text to cypher text.

It will be illegible to those without the encryption and decryption key

19
Q

What are the two methods of key encryption?

A

Symmetric key encryption

Public key (asymmetric) encryption

20
Q

What is encryption?

A

Encryption is the process of changing data, using an algorithm, into a format that cannot be interpreted before being transmitted over the Internet.

When the encrypted data is received at the correct destination, another algorithm is applied to change it back into its original format.

21
Q

What is plain text?

A

The term for the unencrypted message or text

22
Q

What is cipher text?

A

The name given to the encrypted text

23
Q

What is decryption?

A

The process of converting cipher text back into plain text

24
Q

What is symmetric encryption?

A

The sender and receiver of a message share a single, common key (private key) that is used to encrypt and decrypt the message.

If the receiving system does not know the private key, then it cannot decrypt the message.

25
Q

What are the risks of symmetric key encryption?

A

If the private key is sent across a network and is intercepted, a hacker is able to decrypt the data and so is not generally used for this;

If someone does get hold of the private key this can cause a lot of damage because everything that has been encrypted with the key can be read;

Symmetric encryption is very fast (compared to asymmetric encryption);

26
Q

What is a public key?

A

A code used to encrypt/decrypt data that can be made public and is linked to a corresponding private key.

27
Q

What is a private key?

A

A code used to encrypt/decrypt data that is linked to a corresponding public key.

28
Q

What are the disadvantages of asymmetric encryption?

A

more complex to generate

asymmetric encryption/decryption is slower as it takes longer to encrypt and decrypt the messages than symmetric encryption.

29
Q

What are biometrics?

A

Attempts to confirm the identity of a user by physical characteristics, e.g. fingerprint, face, iris, DNA, hand/palm, scent/odour or behaviour, e.g. typing rhythm or voice etc.

30
Q

What are the three stages of biometric identification?

A

Stage one – biometric reading is taken and stored in system.

Stage two – when access is required a new scan is taken and compared to those on file.

Stage three – if match is found then entry is permitted.

31
Q

What are the types of malicious software/threats?

A
Virus
Trojan
Worm
DoS Attacks
Phishing
32
Q

What is a virus?

A

A small computer program attached to another program or file and usually intended to harm the data on the computer.

If the virus is run it will:

  • copy itself onto memory sticks or other computers via a network if possible
  • Once enough copies are made it will aim to delete/corrupt files, wipe the hard-drive or display unwanted messages
33
Q

What is a trojan?

A

Similar to a virus however involves trickery to fool a user into running a program that they think is legitimate;

Malware that is hidden within another file on your computer.

They give a hacker the opportunity to access a computer remotely without the knowledge of the user.

34
Q

What is a worm?

A

A worm is a sub-class of virus

it uses vulnerabilities or inadequate security in systems to transmit itself across networks to other computers

doesn’t require human interaction to run or spread.

35
Q

What is DoS attack?

A

Involves bombarding a computer system with data requests so that it becomes overloaded and unable to carry out its normal operations. This usually involves a DDoS attack (where thousands of computers bombard an internet server with millions of packets of data)

36
Q

What is asymmetric key encryption?

A

Known as public/private key encryption is when both parties have a pair of keys, one private and one public. The Public Key is kept in the open freely usable by anyone as is the encryption algorithm, however the Private Key is kept hidden.

The public key is used to encrypt the data and the private key decrypts it.

A message encrypted with A’s public key can only be decrypted with B’s private key.

37
Q

What is Phishing?

A

Using fake emails or websites to try and fool a user into entering personal data and/or credit card details. E.g. email pretending to be from users bank.

38
Q

What can protect a computer from malicious software/threats?

A

Anti-virus: although not fool-proof having up-to-date to anti-virus will stop most threats;

Educate users: Do not open attachments, software or click on web links unless you’re sure it safe.

Firewalls: Running firewall software will stop many threats from gaining access via a network/Internet connection;

39
Q

What is a hacker

A

A hacker tries to gain access to a computer or network by taking advantage of security weaknesses

They may also take advantage of unpatched (or unknown) software vulnerabilities to gain access.

40
Q

What are the two types of hackers?

A
  • Black-hat hackers

- White-hat hackers

41
Q

What is a black hat hacker?

A

break into systems for personal gain or malicious reasons;

42
Q

What is a white hat hacker?

A

break into systems for non-malicious reasons to try to find security weaknesses so they can report problems and help them to be fixed. They may work for the company in question;

43
Q

What is a risk assessment

A

Identifying different risks in a situation

44
Q

Name examples of what contingency planning anticipates for

A

Computer room environment (secure computer room with climate control, conditioned and backup power supply, etc.)

Hardware (networks, servers, desktop and laptop computers, wireless devices and peripherals)

Connectivity to a server (fibre, cable, wireless etc.)

Software applications (electronic data interchange, electronic mail, enterprise resource management, office productivity etc.)

Data and restoration